On Fri, 06 Jul 2018, Matt Stamp wrote:
> After applying an update to my UEFI/BIOS my microcode is rev 0x8e. A
> package separate for your, needrestart said that the available
> microcode did not match my currently applied version 0x84. Though
> even after the recent update from Intel I am still getting that
> message.

That's a limitation in the needrestart logic, which isn't easy to fix
at all. The kernel doesn't help (it doesn't tell you the BIOS microcode
revision on Intel, only the current revision), and Intel doesn't help
(they sometimes downgrade or recall microcode updates so you can't
assume it will just go up on intel-microcode updates), so it can't do a
perfect job.

Maybe it can be improved, but that would be something to explore in a
bug report against needrestart, not intel-microcode.

> Is this correct? Is the revision in intel-microcode-3.20180703.2 for
> Kaby Lake really 0x84? According to some of my reading Intel

Yes, it is really 0x84, unfortunately(?)

This information can be found in
/usr/share/doc/intel-microcode/changelog.gz, although it can be a bit
cryptic unless you've read the README or tried running
"iucode_tool -Sv" to know your processor's signature.

> released the 0x8e version and so I thought it would be included in
> their recent release.

We wish. No, it isn't. From the Debian changelog of intel-microcode:

--8<--
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.
--8<--

As you can see, the vast majority of the processors affected, Kaby Lake
included, are still missing in the public update release of 2018-07-03.

> If this is some issue with the needrestart package or perl within then
> no big deal and please feel free to close this ticket.

I will close the bug report when we get a Kaby Lake update with revision
0x8e or higher.

If you want to ask the needrestart package to improve their detection,
please open a bug against that package. I am not sure much can be done
in that regard without kernel changes, though.

-- 
Henrique Holschuh
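
The false alarm discussed above, as an added example that is not part of the original message or of needrestart: a revision check that separates "the package is newer" from "the firmware already loaded something newer". The function names and the sample cpuinfo text are assumptions; the third outcome is only a heuristic, since a recalled revision would look the same.

```shell
#!/bin/sh
# Added example (not needrestart's code): compare running vs packaged microcode.

# Constructed sample in /proc/cpuinfo format; real input would be the file itself.
SAMPLE_CPUINFO='processor : 0
microcode : 0x8e
processor : 1
microcode : 0x8e'

# Accept only 0x-prefixed hex so untrusted text never reaches shell arithmetic.
is_hex() {
    case "$1" in 0x?*) ;; *) return 1 ;; esac
    case "${1#0x}" in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

# Read cpuinfo text on stdin; print the lowest running revision as hex.
running_rev() {
    min=""
    while IFS= read -r line; do
        case "$line" in
            microcode*:*)
                rev=${line##*: }
                is_hex "$rev" || continue
                rev=$(( $rev ))
                if [ -z "$min" ] || [ "$rev" -lt "$min" ]; then min=$rev; fi
                ;;
        esac
    done
    if [ -n "$min" ]; then printf '0x%x\n' "$min"; else return 1; fi
}

# classify RUNNING PACKAGED -> update-pending | in-sync | firmware-newer
classify() {
    is_hex "$1" && is_hex "$2" || { echo invalid; return 1; }
    run=$(( $1 )); pkg=$(( $2 ))
    if [ "$run" -lt "$pkg" ]; then echo update-pending
    elif [ "$run" -eq "$pkg" ]; then echo in-sync
    else echo firmware-newer   # e.g. a newer revision loaded by UEFI/BIOS
    fi
}

# 0x8e (running) and 0x84 (packaged) are the revisions from the thread.
running=$(printf '%s\n' "$SAMPLE_CPUINFO" | running_rev)
echo "running=$running packaged=0x84 -> $(classify "$running" 0x84)"
```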